1. Field of the Invention
The present invention relates to technology for encrypting communications data on the basis of a public key cryptosystem, and more particularly to technology for verifying the validity of public key certificates.
2. Description of the Related Art
In a public key cryptosystem, a public key certificate, such as one issued by a certification authority, is used to certify the validity of the public key. The public key certificate ordinarily specifies, under a digital signature such as that of a certification authority, a signature public key and its term of validity, so that a user (or software used by a user) can confirm that the public key is authentic or within the term of validity.
For example, when a digital signature or encryption based on a public key cryptosystem is applied to electronic mail (e-mail), the validity of the public key certificate is confirmed at the moment the user specifies a destination or issues a transmission command. In Microsoft Corporation's Outlook 2003 (registered trademark) e-mail software for personal computers (PC), the validity of a certificate is verified when the transmission command is issued.
In Outlook 2003, an e-mail with a public key certificate that has been verified is temporarily stored in an outbox tray before being transmitted to a destination. Then, even if power to the PC is interrupted or a mail server becomes inoperable with the e-mail stored in the outbox tray, the e-mail that is stored in the outbox tray is transmitted after normal operation is restored. Thus, it is possible for a problem to occur where the term of validity of the public key certificate expires during the period before normal operation is restored.
This problem also occurs in Internet facsimile, which combines facsimile and e-mail. In Internet facsimile, if a transmission job is not completed, for example because power to the device is interrupted, it is executed as a recovery job after normal operation is restored. This results in the transmission of a digitally signed e-mail or an encrypted e-mail relating to an expired public key certificate. Furthermore, a similar problem may occur in Internet facsimile if the transmission command is issued with a specified transmission time.
Generally, if encryption is performed on the basis of an expired public key certificate, an error is generated at the destination and the purpose of the transmission becomes impossible to achieve. Furthermore, in this case, wasteful processes are performed at the originator and at the destination. Moreover, from a security point of view, it is not desirable to use an expired public key certificate.
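The timing gap described above, as an added example that is not part of the original document: a queued job whose certificate is checked only when the transmission command is issued, compared with one that is checked again when the job is actually sent. The `Certificate` and `Outbox` classes, the address and the timeline are hypothetical and constructed for illustration; only the term of validity is modelled, not signature or revocation checking.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Certificate:
    # Hypothetical stand-in for a parsed public key certificate; only the
    # term of validity is modelled, not the signature or revocation status.
    subject: str
    not_before: datetime
    not_after: datetime

    def within_term(self, when: datetime) -> bool:
        return self.not_before <= when <= self.not_after

class Outbox:
    """Queue of (recipient, certificate) jobs that survive an outage."""
    def __init__(self, recheck_at_send: bool):
        self.recheck_at_send = recheck_at_send
        self.jobs = []

    def submit(self, recipient: str, cert: Certificate, now: datetime) -> None:
        # Check at the moment the transmission command is issued.
        if not cert.within_term(now):
            raise ValueError(f"certificate for {recipient} outside term of validity")
        self.jobs.append((recipient, cert))

    def flush(self, now: datetime):
        """Transmit queued jobs; returns (sent, held) recipient lists."""
        sent, held = [], []
        for recipient, cert in self.jobs:
            # Second check at the moment of actual transmission, if enabled.
            if self.recheck_at_send and not cert.within_term(now):
                held.append(recipient)
            else:
                sent.append(recipient)
        self.jobs = []
        return sent, held

def run_scenario(recheck_at_send: bool):
    # Constructed timeline: command at t0, certificate expires one hour
    # later, recovery job runs three hours later.
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    cert = Certificate("bob@example.test", t0 - timedelta(days=365), t0 + timedelta(hours=1))
    outbox = Outbox(recheck_at_send)
    outbox.submit("bob@example.test", cert, now=t0)
    return outbox.flush(now=t0 + timedelta(hours=3))

if __name__ == "__main__":
    print("command-time check only:", run_scenario(False))
    print("re-check at send time:  ", run_scenario(True))
```

With the command-time check alone, the recovery job transmits under a certificate that expired two hours earlier; with the second check, the job is held instead.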